Tactic or Technique: Exploit

Exploit-based attacks take advantage of software vulnerabilities to compromise your system, often without you needing to click a link or enter credentials. Instead of stealing passwords, attackers use specially crafted files that run malicious code when you open or preview an attachment.
You might see a booby-trapped Office document, PDF, or media file that targets a flaw in your browser or document viewer. Once the file is opened, the attacker can install malware, steal data, or get long-term access to your device without any obvious signs.
These attacks are dangerous because they don’t rely on tricking you with a fake login or link. A file might look completely normal, but opening it is enough. Exploits like this are often used as the first step in ransomware attacks, data theft, or more targeted intrusions.
The best defense is keeping your software up to date. Most of these attacks rely on known vulnerabilities for which fixes are already available, but those fixes only protect you once you have applied them.
| Rule Name & Severity | Last Updated | Author | Types, Tactics & Capabilities | Rule path |
| --- | --- | --- | --- | --- |
| Callback phishing via Xodo Sign comment | 11d ago (Jan 12th, 2026) | Sublime Security | | /feeds/core/detection-rules/callback-phishing-via-xodo-sign-comment-6f722c5d |
| CVE-2023-5631 - Roundcube Webmail XSS via crafted SVG | 11d ago (Jan 12th, 2026) | Sublime Security | | /feeds/core/detection-rules/cve-2023-5631-roundcube-webmail-xss-via-crafted-svg-8405d61b |
| Attachment: CVE-2023-21716 - Microsoft Office Remote Code Execution Vulnerability | 11d ago (Jan 12th, 2026) | Sublime Security | | /feeds/core/detection-rules/attachment-cve-2023-21716-microsoft-office-remote-code-execution-vulnerability-23714cca |
| Attachment: LNK with embedded content | 11d ago (Jan 12th, 2026) | @ajpc500 | | /feeds/core/detection-rules/attachment-lnk-with-embedded-content-41452f7a |
| Attachment: WinRAR CVE-2025-8088 exploitation | 11d ago (Jan 12th, 2026) | Sublime Security | | /feeds/core/detection-rules/attachment-winrar-cve-2025-8088-exploitation-33b3a82b |
| Callback Phishing via Signable E-Signature Request | 11d ago (Jan 12th, 2026) | Sublime Security | | /feeds/core/detection-rules/callback-phishing-via-signable-e-signature-request-4599575d |
| Callback phishing via SignFree e-signature request | 11d ago (Jan 12th, 2026) | Sublime Security | | /feeds/core/detection-rules/callback-phishing-via-signfree-e-signature-request-21381c37 |
| Attachment: CVE-2021-40444 - MSHTML Remote Code Execution Vulnerability | 11d ago (Jan 12th, 2026) | Sublime Security | | /feeds/core/detection-rules/attachment-cve-2021-40444-mshtml-remote-code-execution-vulnerability-8cefcf7f |
| Outlook hyperlink bypass: left-to-right mark (LRM) in base HTML tag | 1mo ago (Dec 10th, 2025) | Sublime Security | | /feeds/core/detection-rules/outlook-hyperlink-bypass-left-to-right-mark-lrm-in-base-html-tag-160cc681 |
| Attachment: Archive containing HTML file with file scheme link | 6mo ago (Jul 16th, 2025) | Sublime Security | | /feeds/core/detection-rules/attachment-archive-containing-html-file-with-file-scheme-link-edf6d0d9 |
| Mass campaign: Cross Site Scripting (XSS) attempt | 6mo ago (Jul 16th, 2025) | Sublime Security | | /feeds/core/detection-rules/mass-campaign-cross-site-scripting-xss-attempt-6cbb7124 |
| Open redirect: City of Calgary | 8mo ago (May 23rd, 2025) | Sublime Security | | /feeds/core/detection-rules/open-redirect-city-of-calgary-00321858 |
| Attachment: CVE-2025-24071 - Microsoft Windows File Explorer Spoofing Vulnerability | 10mo ago (Mar 21st, 2025) | Sublime Security | | /feeds/core/detection-rules/attachment-cve-2025-24071-microsoft-windows-file-explorer-spoofing-vulnerability-2e69fa0b |
| Link: CVE-2024-21413 Microsoft Outlook Remote Code Execution Vulnerability | 2y ago (Feb 15th, 2024) | Sublime Security | | /feeds/core/detection-rules/link-cve-2024-21413-microsoft-outlook-remote-code-execution-vulnerability-e8151426 |
| Attachment: Archive contains DLL-loading macro | 3y ago (Dec 28th, 2023) | Sublime Security | | /feeds/core/detection-rules/attachment-archive-contains-dll-loading-macro-3a193f5f |